The unit files both have After=network.target, and this in turn implies
After=network-pre.target. Both iptables.service & ip6tables.service have
Before=network-pre.target since Fedora >= 35 and RHEL >= 8.4.
When we first added the deps on ip[6]tables.service in
commit 0756415f147dda15a417bd79eef9a62027d176e6
Author: Laine Stump <laine@xxxxxxxxxx>
Date: Fri May 1 00:05:50 2020 -0400
systemd: start libvirtd after firewalld/iptables services
the Before=network-pre.target didn't exist, but we can rely on it now
given our supported platforms matrix.
The firewalld.service has similarly has a Before=network-pre.target,
even when we took that commit above, so this dep was in face never
actually needed. This answers the question posed in that above commit
message about firewalld ordering.
https://gitlab.com/libvirt/libvirt/-/issues/489
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
src/network/virtnetworkd.service.in | 3 ---
src/remote/libvirtd.service.in | 3 ---
2 files changed, 6 deletions(-)
diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in
index f35cccb8f7..3d7374715d 100644
--- a/src/network/virtnetworkd.service.in
+++ b/src/network/virtnetworkd.service.in
@@ -5,9 +5,6 @@ Requires=virtnetworkd.socket
Requires=virtnetworkd-ro.socket
Requires=virtnetworkd-admin.socket
After=network.target
-After=firewalld.service
-After=iptables.service
-After=ip6tables.service
After=dbus.service
After=apparmor.service
Documentation=man:virtnetworkd(8)
diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index b691d35938..afda257228 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -10,9 +10,6 @@ Wants=libvirtd-admin.socket
Wants=virtlockd.socket
Wants=systemd-machined.service
After=network.target
-After=firewalld.service
-After=iptables.service
-After=ip6tables.service
After=dbus.service
After=iscsid.service
After=apparmor.service
--
2.40.1
